Tremwil

**Name of the Vulnerable Software and Affected Versions** Dark Souls III versions through 2022-03-19 **Description** The matchmaking servers allow remote attackers to send arbitrary push requests to clients via a "RequestSendMessageToPlayers" request. This issue is restricted on the client side and can be bypassed with a modified client, potentially allowing the sending of push messages to hundreds of thousands of machines. **Recommendations** For versions through 2022-03-19, as a temporary workaround, consider restricting access to the `RequestSendMessageToPlayers` request to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dark Souls III versions through 2022-03-19 **Description** A buffer overflow in the NRSessionSearchResult parser allows remote attackers to execute arbitrary code via matchmaking servers. **Recommendations** For versions through 2022-03-19, at the moment, there is no information about a newer version that contains a fix for this vulnerability.